//Copyright (C) 1998-2008, Sumisho Computer Systems Corp. All Rights Reserved.

//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at

//http://www.apache.org/licenses/LICENSE-2.0

//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.

/**
 * @author Hitoshi Okada
 */

package com.curlap.orb.servlet;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;

import org.apache.commons.beanutils.MethodUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.curlap.orb.security.AccessControlFilter;

/**
 * InvokeServlet
 */
public class InvokeServlet extends InstanceManagementServlet
{
	private static final long serialVersionUID = 1L;

    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException
    {
        super.doPost(request, response);
        final InvokeRequest invokeRequest = 
            (InvokeRequest)request.getAttribute(InstanceManagementServlet.REQUEST_OBJECT);
        try
        {
            final CurlConfig config = (CurlConfigFactory.getInstance(getServletContext())).getCurlConfig();
            if (!config.enabledHttpSessionMethod())
                throw new InstanceManagementException("HttpSession method is disabled.");

            final Log log = LogFactory.getLog(InvokeServlet.class);
            final String methodName = invokeRequest.getMethodName();
            final Object[] arguments = invokeRequest.getArguments();
            Object returnValue = null;
            if(invokeRequest.getObjectId() == null)
            {
                // static method
                if(invokeRequest.getClass() == null)
                    throw new InstanceManagementException("Does not exist class name and object id.");
                final String className = invokeRequest.getClassName();
                // - Security - access control
                (AccessControlFilter.getInstance(config.getAccessControlList())).checkAccessControlList(className, methodName, arguments);
                returnValue = MethodUtils.invokeStaticMethod(Class.forName(className), methodName, arguments);
                // debug
                log.debug("Request invoke(HttpSession) [" + className + "." + methodName + " " + arguments + "]");
            } 
            else
            {
                // non static method
                final Object obj = request.getSession(false).getAttribute(invokeRequest.getObjectId());
                final String className = obj.getClass().getName();
                // - Security - access control
                (AccessControlFilter.getInstance(config.getAccessControlList())).checkAccessControlList(className, methodName, arguments);
                returnValue = MethodUtils.invokeMethod(obj, methodName, arguments);
                // debug
                log.debug("Request invoke(HttpSession) [" + className + "." + methodName + " " + arguments + "]");
            }
            request.setAttribute(InstanceManagementServlet.RESPONSE_OBJECT, returnValue);
        }
        // IOException, SerializerException, InstanceManagementException ...etc
        catch (Exception e)
        {
            request.setAttribute(InstanceManagementServlet.RESPONSE_OBJECT, e);
        }
    }
}
